[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Sep 16 21:10:47 BST 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e2191463 by security tracker role at 2021-09-16T20:10:39+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,13 @@
+CVE-2021-3809
+	RESERVED
+CVE-2021-3808
+	RESERVED
+CVE-2021-3807
+	RESERVED
+CVE-2021-3806
+	RESERVED
+CVE-2021-3805
+	RESERVED
 CVE-2021-41303
 	RESERVED
 CVE-2021-41302
@@ -452,8 +462,7 @@ CVE-2021-41081
 	RESERVED
 CVE-2021-41080
 	RESERVED
-CVE-2021-41079 [denial of service]
-	RESERVED
+CVE-2021-41079 (Apache Tomcat 8.5.0 to 8.5.63, 9.0.0-M1 to 9.0.43 and 10.0.0-M1 to 10. ...)
 	- tomcat9 <unfixed>
 	- tomcat8 <removed>
 	NOTE: https://lists.apache.org/thread.html/rccdef0349fdf4fb73a4e4403095446d7fe6264e0a58e2df5c6799434%40%3Cannounce.tomcat.apache.org%3E
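
Review bot: the tomcat9 line is left as <unfixed> with no severity or fixed-version annotation, even though the new description bounds the affected 9.0.x range at 9.0.43; the triage should record which tomcat9 version is in the archive and either a fixed version or a [bullseye] <no-dsa>/severity tag, as the inetutils entry further down in this diff does. The bracketed "[denial of service]" impact summary from the RESERVED placeholder is dropped along with it; since the 70-column description is truncated, consider keeping that impact statement in a NOTE so it is not lost from the entry.
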
@@ -1375,10 +1384,10 @@ CVE-2021-40672
 	RESERVED
 CVE-2021-40671
 	RESERVED
-CVE-2021-40670
-	RESERVED
-CVE-2021-40669
-	RESERVED
+CVE-2021-40670 (SQL Injection vulnerability exists in Wuzhi CMS 4.1.0 via the keywords ...)
+	TODO: check
+CVE-2021-40669 (SQL Injection vulnerability exists in Wuzhi CMS 4.1.0 via the keywords ...)
+	TODO: check
 CVE-2021-40668
 	RESERVED
 CVE-2021-40667
@@ -1905,8 +1914,8 @@ CVE-2021-3762
 	RESERVED
 CVE-2021-40439
 	RESERVED
-CVE-2021-40438
-	RESERVED
+CVE-2021-40438 (A crafted request uri-path can cause mod_proxy to forward the request  ...)
+	TODO: check
 CVE-2021-40491 (The ftp client in GNU Inetutils before 2.2 does not validate addresses ...)
 	- inetutils 2:2.2-1 (bug #993476)
 	[bullseye] - inetutils <no-dsa> (Minor issue)
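
Review bot: CVE-2021-40438 names mod_proxy, i.e. Apache httpd, which is packaged, so this "TODO: check" needs a real apache2 package mapping rather than a placeholder; a request uri-path that makes mod_proxy forward the request elsewhere is a request-forwarding issue and should be triaged together with CVE-2021-39275 (ap_escape_quotes), CVE-2021-36160 (mod_proxy_uwsgi) and CVE-2021-34798 (NULL pointer dereference on malformed requests) added later in this same update, which read as one httpd release batch.
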
@@ -2796,10 +2805,10 @@ CVE-2021-40069
 	RESERVED
 CVE-2021-40068
 	RESERVED
-CVE-2021-40067
-	RESERVED
-CVE-2021-40066
-	RESERVED
+CVE-2021-40067 (The access controls on the Mobility read-write API improperly validate ...)
+	TODO: check
+CVE-2021-40066 (The access controls on the Mobility read-only API improperly validate  ...)
+	TODO: check
 CVE-2021-40065
 	RESERVED
 CVE-2021-40064
@@ -4376,7 +4385,7 @@ CVE-2021-39309
 	RESERVED
 CVE-2021-39308
 	RESERVED
-CVE-2021-39307 (PDFTron’s WebViewer UI 8.0 or below renders dangerous URLs as hy ...)
+CVE-2021-39307 (PDFTron's WebViewer UI 8.0 or below renders dangerous URLs as hyperlin ...)
 	NOT-FOR-US: PDFTron WebViewer UI
 CVE-2021-39306
 	RESERVED
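
Review bot: the only change to CVE-2021-39307 is the apostrophe in "PDFTron's" being normalized from the typographic U+2019 to ASCII, which also moves where the truncated description ends ("hy" becomes "hyperlin"); the NOT-FOR-US: PDFTron WebViewer UI disposition is unchanged and still correct for the entry.
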
@@ -4491,8 +4500,8 @@ CVE-2021-39277
 	RESERVED
 CVE-2021-39276
 	RESERVED
-CVE-2021-39275
-	RESERVED
+CVE-2021-39275 (ap_escape_quotes() may write beyond the end of a buffer when given mal ...)
+	TODO: check
 CVE-2021-3717
 	RESERVED
 	- wildfly <itp> (bug #752018)
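
Review bot: CVE-2021-39275 describes ap_escape_quotes() writing beyond the end of a buffer, which is a memory-safety defect in httpd core rather than an optional module, so the "TODO: check" should not sit long: it needs an apache2 line with a fixed version or an <unfixed> marker plus severity, in the same format as the "- wildfly <itp> (bug #752018)" context line shows.
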
@@ -4658,8 +4667,7 @@ CVE-2021-39240 (An issue was discovered in HAProxy 2.2 before 2.2.16, 2.3 before
 	NOTE: https://www.mail-archive.com/haproxy@formilux.org/msg41041.html
 	NOTE: https://git.haproxy.org/?p=haproxy.git;a=commit;h=4b8852c70d8c4b7e225e24eb58258a15eb54c26e
 	NOTE: https://git.haproxy.org/?p=haproxy.git;a=commit;h=a495e0d94876c9d39763db319f609351907a31e8
-CVE-2021-39239
-	RESERVED
+CVE-2021-39239 (A vulnerability in XML processing in Apache Jena, in versions up to 4. ...)
 	NOT-FOR-US: Apache Jena
 CVE-2021-39238
 	RESERVED
@@ -4715,8 +4723,8 @@ CVE-2021-39216
 	RESERVED
 CVE-2021-39215 (Jitsi Meet is an open source video conferencing application. In versio ...)
 	- jitsi-meet <itp> (bug #760485)
-CVE-2021-39214
-	RESERVED
+CVE-2021-39214 (mitmproxy is an interactive, SSL/TLS-capable intercepting proxy. In mi ...)
+	TODO: check
 CVE-2021-39213 (GLPI is a free Asset and IT management software package. Starting in v ...)
 	- glpi <removed> (unimportant)
 	NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-6w9f-2m6g-5777
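
Review bot: CVE-2021-39214 (mitmproxy) is the one entry in this hunk left as "TODO: check" while its neighbours already carry package mappings (jitsi-meet <itp>, glpi <removed>); mitmproxy is a product name that may correspond to an archive package, so the triage should resolve it to a package line with a fixed version or to NOT-FOR-US, and the truncated "In mi ..." description gives no hint of impact, so a NOTE with the upstream advisory URL would help, as the GLPI entries do with their GHSA links.
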
@@ -4738,8 +4746,8 @@ CVE-2021-39209 (GLPI is a free Asset and IT management software package. In vers
 	- glpi <removed> (unimportant)
 	NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-5qpf-32w7-c56p
 	NOTE: Only supported behind an authenticated HTTP zone
-CVE-2021-39208
-	RESERVED
+CVE-2021-39208 (SharpCompress is a fully managed C# library to deal with many compress ...)
+	TODO: check
 CVE-2021-39207 (parlai is a framework for training and evaluating AI models on a varie ...)
 	NOT-FOR-US: Facebook ParlAI
 CVE-2021-39206 (Pomerium is an open source identity-aware access proxy. Envoy, which P ...)
@@ -10455,7 +10463,7 @@ CVE-2021-36719
 	RESERVED
 CVE-2021-36718
 	RESERVED
-CVE-2021-36717 (In order to perform a directory traversal attack, all an attacker need ...)
+CVE-2021-36717 (Synerion TimeNet version 9.21 contains a directory traversal vulnerabi ...)
 	NOT-FOR-US: Synerion TimeNet
 CVE-2021-36716 (A ReDoS (regular expression denial of service) flaw was found in the S ...)
 	NOT-FOR-US: Node is-email
@@ -11652,8 +11660,8 @@ CVE-2021-36162 (Apache Dubbo supports various rules to support configuration ove
 	NOT-FOR-US: Apache Dubbo
 CVE-2021-36161 (Some component in Dubbo will try to print the formated string of the i ...)
 	NOT-FOR-US: Apache Dubbo
-CVE-2021-36160
-	RESERVED
+CVE-2021-36160 (A carefully crafted request uri-path can cause mod_proxy_uwsgi to read ...)
+	TODO: check
 CVE-2021-36159 (libfetch before 2021-07-26, as used in apk-tools, xbps, and other prod ...)
 	NOT-FOR-US: libfetch
 CVE-2021-36158 (In the xrdp package (in branches through 3.14) for Alpine Linux, RDP s ...)
@@ -14838,8 +14846,8 @@ CVE-2021-34800
 	RESERVED
 CVE-2021-34799
 	RESERVED
-CVE-2021-34798
-	RESERVED
+CVE-2021-34798 (Malformed requests may cause the server to dereference a NULL pointer. ...)
+	TODO: check
 CVE-2021-3604 (Secure 8 (Evalos) does not validate user input data correctly, allowin ...)
 	NOT-FOR-US: Secure 8 (Evalos)
 CVE-2021-34797
@@ -15339,18 +15347,18 @@ CVE-2021-34578 (This vulnerability allows an attacker who has access to the WBM
 	NOT-FOR-US: WAGO
 CVE-2021-34577
 	RESERVED
-CVE-2021-34576
-	RESERVED
+CVE-2021-34576 (In Kaden PICOFLUX Air in all known versions an information exposure th ...)
+	TODO: check
 CVE-2021-34575 (In MB connect line mymbCONNECT24, mbCONNECT24 in versions <= 2.8.0  ...)
 	NOT-FOR-US: MB connect line
 CVE-2021-34574 (In MB connect line mymbCONNECT24, mbCONNECT24 in versions <= 2.8.0  ...)
 	NOT-FOR-US: MB connect line
-CVE-2021-34573
-	RESERVED
-CVE-2021-34572
-	RESERVED
-CVE-2021-34571
-	RESERVED
+CVE-2021-34573 (In Enbra EWM in Version 1.7.29 together with several tested wireless M ...)
+	TODO: check
+CVE-2021-34572 (Enbra EWM 1.7.29 does not check for or detect replay attacks sent by w ...)
+	TODO: check
+CVE-2021-34571 (Multiple Wireless M-Bus devices by Enbra use Hard-coded Credentials in ...)
+	TODO: check
 CVE-2021-34570
 	RESERVED
 CVE-2021-34569
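
Review bot: the four new entries here (Kaden PICOFLUX Air, Enbra EWM 1.7.29, Enbra wireless M-Bus devices) are advisories about vendor metering hardware and its management software, not distribution-packaged software, so these "TODO: check" placeholders should most likely end up as NOT-FOR-US like the adjacent MB connect line entries; the Enbra descriptions (missing replay detection, hard-coded credentials) are worth a glance only to confirm no Debian package is involved.
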
@@ -27383,8 +27391,8 @@ CVE-2021-29844
 	RESERVED
 CVE-2021-29843
 	RESERVED
-CVE-2021-29842
-	RESERVED
+CVE-2021-29842 (IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0 ...)
+	TODO: check
 CVE-2021-29841 (IBM Financial Transaction Manager 3.2.4 is vulnerable to cross-site sc ...)
 	NOT-FOR-US: IBM
 CVE-2021-29840
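
Review bot: CVE-2021-29842 (IBM WebSphere Application Server and Liberty) is left as "TODO: check" while every surrounding IBM entry in this region is already "NOT-FOR-US: IBM"; the same applies to the Db2 entries CVE-2021-29825, CVE-2021-29763 and CVE-2021-29752 in the next three hunks, so these could be resolved in one pass rather than left as placeholders.
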
@@ -27417,8 +27425,8 @@ CVE-2021-29827
 	RESERVED
 CVE-2021-29826
 	RESERVED
-CVE-2021-29825
-	RESERVED
+CVE-2021-29825 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) coul ...)
+	TODO: check
 CVE-2021-29824
 	RESERVED
 CVE-2021-29823
@@ -27541,8 +27549,8 @@ CVE-2021-29765 (IBM PowerVM Hypervisor FW940 and FW950 could allow an attacker t
 	NOT-FOR-US: IBM
 CVE-2021-29764
 	RESERVED
-CVE-2021-29763
-	RESERVED
+CVE-2021-29763 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 ...)
+	TODO: check
 CVE-2021-29762
 	RESERVED
 CVE-2021-29761
@@ -27563,8 +27571,8 @@ CVE-2021-29754 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulne
 	NOT-FOR-US: IBM
 CVE-2021-29753
 	RESERVED
-CVE-2021-29752
-	RESERVED
+CVE-2021-29752 (IBM Db2 11.2 and 11.5 contains an information disclosure vulnerability ...)
+	TODO: check
 CVE-2021-29751 (IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM Business ...)
 	NOT-FOR-US: IBM
 CVE-2021-29750 (IBM QRadar SIEM 7.3 and 7.4 uses weaker than expected cryptographic al ...)
@@ -33459,10 +33467,10 @@ CVE-2021-27343 (SerenityOS Unspecified is affected by: Buffer Overflow. The impa
 	NOT-FOR-US: SerenityOS
 CVE-2021-27342 (An authentication brute-force protection mechanism bypass in telnetd i ...)
 	NOT-FOR-US: D-Link
-CVE-2021-27341
-	RESERVED
-CVE-2021-27340
-	RESERVED
+CVE-2021-27341 (OpenSIS Community Edition version <= 7.6 is affected by a local fil ...)
+	TODO: check
+CVE-2021-27340 (OpenSIS Community Edition version <= 7.6 is affected by a reflected ...)
+	TODO: check
 CVE-2021-27339
 	RESERVED
 CVE-2021-27338 (Faraday Edge before 3.7 allows XSS via the network/create/ page and it ...)
@@ -94866,8 +94874,8 @@ CVE-2020-14132
 	RESERVED
 CVE-2020-14131
 	RESERVED
-CVE-2020-14130
-	RESERVED
+CVE-2020-14130 (Some js interfaces in the Xiaomi community were exposed, causing sensi ...)
+	TODO: check
 CVE-2020-14129
 	RESERVED
 CVE-2020-14128
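
Review bot: CVE-2020-14130 and the following Xiaomi entries in this update (CVE-2020-14124 librsa.so/getwifipwdurl buffer overflow, CVE-2020-14119 command injection in xqnetwork.lua addMeshNode, CVE-2020-14109 command injection in meshd) all describe components of vendor router firmware; they are 2020 identifiers only now receiving descriptions, and triage should most likely mark them NOT-FOR-US rather than leave four "TODO: check" placeholders in the list.
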
@@ -94878,8 +94886,8 @@ CVE-2020-14126
 	RESERVED
 CVE-2020-14125
 	RESERVED
-CVE-2020-14124
-	RESERVED
+CVE-2020-14124 (There is a buffer overflow in librsa.so called by getwifipwdurl interf ...)
+	TODO: check
 CVE-2020-14123
 	RESERVED
 CVE-2020-14122
@@ -94888,8 +94896,8 @@ CVE-2020-14121
 	RESERVED
 CVE-2020-14120
 	RESERVED
-CVE-2020-14119
-	RESERVED
+CVE-2020-14119 (There is command injection in the addMeshNode interface of xqnetwork.l ...)
+	TODO: check
 CVE-2020-14118
 	RESERVED
 CVE-2020-14117
@@ -94908,8 +94916,8 @@ CVE-2020-14111
 	RESERVED
 CVE-2020-14110
 	RESERVED
-CVE-2020-14109
-	RESERVED
+CVE-2020-14109 (There is command injection in the meshd program in the routing system, ...)
+	TODO: check
 CVE-2020-14108
 	RESERVED
 CVE-2020-14107



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e21914639269f33c004d7353cf27ec3c222f0e08




